bits and bytes : Malware

Debate with rogue antispyware maker

tashi — Sun, 04 Nov 2007 20:55:00 GMT

I have been following a discussion of iedefender at CastleCops which is five pages long so far. The topic started with: "Attached below is a copy of IEdefender (hxxp://www.iedefender.com/) a new rogue software." To which the vendor replied:...(read more)

DirectRevenue-Best Offers, shuts down

tashi — Thu, 25 Oct 2007 20:25:00 GMT

Posted on DirectRevenue's home page and giving no reason for the sudden closure. "Best Offers and Direct Revenue have ceased operations. To service legacy consumers we are maintaining this page of uninstall instructions, an uninstall software...(read more)

VirusRay, latest Zlob rogue anti-spyware program

tashi — Tue, 23 Oct 2007 19:53:00 GMT

The Zlob Trojan Downloader typically poses as audio or video codecs, required to be installed on your computer so you can watch or listen to certain media. VirusRay is just the latest infection that downloads and installs rogue anti-spyware programs and...(read more)

Storm Worm Attacks

tashi — Mon, 09 Jul 2007 16:06:00 GMT

The subject matter varies in the attempt to get people to download the bad exe file. Sample: "Virus Activity Detected! Dear Customer, Our robot has detected an abnormal activity from your IP adress on sending e-mails. Probably it is connected with...(read more)

House Passes another Spyware Bill

tashi — Thu, 07 Jun 2007 17:15:00 GMT

The House passed a cyber-security bill that would allow for civil penalties of up to $3,000,000. H.R. 964: Securely Protect Yourself Against Cyber Trespass Act or Spy Act. The bill, introduced by Rep. Adolphus Towns (D-New York), to protect users of the...(read more)

FTC Closes Spyware Operation

tashi — Sun, 10 Sep 2006 03:05:00 GMT

Enternet Media and ConSpy & Co., an operation that placed “Search Miracle” “Miracle Search" “EM Toolbar" “EliteBar” and “Elite Toolbar spyware on consumers' computers; has been ordered by The...(read more)

The Guardian serves up Zango?

tashi — Tue, 15 Aug 2006 17:24:00 GMT

Video nasty, adware nastier say experts of Guardian.co.uk ad By Will Sturgeon Published: Monday 14 August 2006 "In order to view video clips of car smashes and accidents, or download games and screensavers on Zango.com users must install a file called...(read more)

bleedingsnort domain alert

Susanh — Tue, 01 Aug 2006 20:19:00 GMT

Bleeding Snort owned the "bleedingsnort.org" domain but unintentionally let it expire, they have released an alert titled " Domain Gone ." http://www.bleedingsnort.com/article.php?story=20060731094455549 Someone else purchased the...(read more)

Warner Bros. To Cut Link With Adware Firm Zango

Susanh — Sat, 29 Jul 2006 22:10:00 GMT

'Inappropriate Material' Could Reach Children Special to The Washington Post Friday, July 28, 2006; Page D05 Brian Krebs writes: "Warner Bros. Studios, home to Bugs Bunny, Scooby Doo and Harry Potter, said yesterday that it plans to terminate...(read more)

Malware evolution: April - June 2006

Susanh — Tue, 25 Jul 2006 12:45:00 GMT

Viruslist.com Jul 21 2006 Alexander Gostev Senior Virus Analyst, Kaspersky Lab, writes: "Superficially at least, the second quarter of 2006 appeared to be one of the most peaceful in recent years. Significant email or network worm epidemics were...(read more)

Current state of Spyware

Susanh — Tue, 25 Jul 2006 04:37:00 GMT

eWEEK Spyware Fades to a Dull Roar, But Targeted Attacks Loom July 20, 2006 Matt Hines writes: "News Analysis: Analysts agree that most enterprises have reached a point where they can effectively block many forms of spyware, but targeted attacks...(read more)

Malware Masquerading as Microsoft Genuine Advantage (WGA) classified as Worm

Susanh — Fri, 30 Jun 2006 20:51:00 GMT

Security analysts have detected a new piece of malware that appears to run as a Microsoft program used to detect unlicensed versions of its operating system.

The malware has been classified as a worm and spreads through AOL's Instant Messenger program, said Graham Cluley, senior technology consultant for Sophos PLC, a security vendor.
Sophos is calling it W32/Cuebot-K a new variation in the Cuebot family of malware. Aliases Backdoor.Win32.IRCBot.st
Win32/IRCBot.OO

Cuebot-K can disable other software, shut off the Windows firewall, download new malicious programs, perform basic DDOS (distributed denial of service) attacks, scan local files and spawn a command prompt, Sophos said.

Article here

Information on AIM Viruses/Worms at jayloden.com

Malware posing as WGA validation and notification

Susanh — Fri, 30 Jun 2006 11:30:00 GMT

New malware recently discovered on at least two help sites.

AUMHA FORUMS

DaniWeb

The file name is wgavn.exe

It creates a service named "Windows Genuine Advantage Validation Notification", as seen in the HijackThis log.

O23 - Service: Windows Genuine Advantage Validation Notification (wgavn) - Unknown owner - C:\WINDOWS\system32\wgavn.exe

Researchers report the malware disabled various security applications and System Restore.

More here